{
  "schema_version": "1.0",
  "id": "archive:https://www.youtube.com/watch?v=xg1zNlzw7Jk",
  "slug": "claws-out-securing-and-building-with-openclaw-nick-taylor-pomerium-1d7hzkq",
  "url": "https://feed7.dev/p/claws-out-securing-and-building-with-openclaw-nick-taylor-pomerium-1d7hzkq",
  "title": "Claws Out: Securing and Building with OpenClaw - Nick Taylor, Pomerium",
  "why_included": "OpenClaw’s trusted-proxy mode removes duplicate WebSocket tokens and device pairing, but only if proxy IPs and identity headers are tightly constrained.",
  "summary": "OpenClaw’s **trusted-proxy mode** lets an identity-aware proxy gate the control plane. Configuration names trusted proxy IPs plus a user header and required headers, removing separate WebSocket tokens and device pairing.",
  "practical_implication": "Use it when exposing a local agent workspace through an authenticated proxy. Keep the trust boundary narrow, and give the agent’s GitHub credentials limited permissions; the demo’s full access let it open a PR before review.",
  "agent_context": "OpenClaw’s **trusted-proxy mode** lets an identity-aware proxy gate the control plane. Configuration names trusted proxy IPs plus a user header and required headers, removing separate WebSocket tokens and device pairing.\n\nUse it when exposing a local agent workspace through an authenticated proxy. Keep the trust boundary narrow, and give the agent’s GitHub credentials limited permissions; the demo’s full access let it open a PR before review.\n\nThe security gain depends on correct proxy and header configuration. The speaker also encountered a pairing-related bug missed by local testing, so test fresh clients and unpaired devices before relying on the setup.",
  "source": {
    "name": "YouTube",
    "url": "https://www.youtube.com/watch?v=xg1zNlzw7Jk",
    "published_at": null
  },
  "source_class": "video",
  "content_type": "Video",
  "layer": "infra",
  "domains": [
    "coding",
    "security"
  ],
  "topics": [
    "gateways",
    "sandboxing",
    "coding-agents"
  ],
  "verification": {
    "status": "source_linked",
    "label": "Source Linked",
    "method": "source_feed",
    "verified_at": null
  },
  "uncertainty": [
    "The security gain depends on correct proxy and header configuration. The speaker also encountered a pairing-related bug missed by local testing, so test fresh clients and unpaired devices before relying on the setup."
  ],
  "lifecycle": "Current",
  "published_at": null,
  "modified_at": null,
  "supersedes": [],
  "expires_at": null,
  "formats": {
    "html": "https://feed7.dev/p/claws-out-securing-and-building-with-openclaw-nick-taylor-pomerium-1d7hzkq",
    "json": "https://feed7.dev/p/claws-out-securing-and-building-with-openclaw-nick-taylor-pomerium-1d7hzkq.json",
    "markdown": "https://feed7.dev/p/claws-out-securing-and-building-with-openclaw-nick-taylor-pomerium-1d7hzkq.md"
  }
}